Re: Apache Web Server running on z/OS unable to detect TLS 1.2

Tue, 29 Mar 2016 15:12:07 -0700 

Try SSLProtocolEnable TLSv12 instead of TLSv1.2
You can test with an openssl command similar to:
openssl s_client -connect 12.34.56.78:443 -tls1_2

-- 
  Donald J.
  [email protected]

On Tue, Mar 29, 2016, at 02:26 PM, Jasi Grewal wrote:
> Greetings, We are using Apache Web Server on z/OS system and are seeing the 
> Nessus reports on Port 443 as it cannot detect TLS being enabled, though we 
> do have the statements.
> 
> Our intention is to serve some non-secured pages but main provide our users 
> with controlled access to some more sensitive pages.   When Listen 443  is 
> uncommented in the config file, the server fails the NESSUS scan.  I can only 
> pass the scan by commenting out Listen 443. 
> 
> httpd.conf:
> 
> #Listen 12.34.56.78:443
> Listen 443
> Listen 80
> 
> <VirtualHost _default_:443>              
>    ServerName xxx.xxxx.xxxxx.xxx   
>    SSLProtocolEnable TLSv1.2             
>    SSLProtocolDisable TLSv1.1            
>    SSLProtocolDisable SSLv2              
>    SSLProtocolDisable SSLv3              
>    SSLEnable                             
>    KeyFile /saf IHSASRV_KEYRING  
> 
> We are seeing the following Nessus scan results:
> 
> High Severity Vulnerability   
> TLS Version 1.2 Protocol Detection
> Synopsis :
> The remote service encrypts communications but does not support TLS1.2.
> Description :
> This script detects whether TLS version 1.2 is supported by the remote 
> service for encrypting communications.
> Solution :
> Consult the application's documentation to enable TLS 1.2 or if not supported 
> ask vendor to add support for TLS 1.2 (with approved cipher suites)
> Plugin Output :
> TLS v1.2 is not enabled on this port.
> Nessus Plugin ID : 951001
> 
> Any advise would be grateful.
> Thank you in advance,
> Regards,
> 
> Jasi.
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN

-- 
http://www.fastmail.com - Send your email first class

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to